From 79e60e145f8a595bca5a784c00b437216d51de68 Mon Sep 17 00:00:00 2001
From: Steven Barth <steven@midlink.org>
Date: Mon, 13 Apr 2015 09:45:20 +0200
Subject: [PATCH] dnssec: improve timestamp heuristic

Signed-off-by: Steven Barth <steven@midlink.org>
---
 src/dnssec.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -462,17 +462,24 @@ static time_t timestamp_time;
 int setup_timestamp(void)
 {
   struct stat statbuf;
+  time_t now;
+  time_t base = 1420070400; /* 1-1-2015 */
   
   daemon->back_to_the_future = 0;
   
   if (!daemon->timestamp_file)
     return 0;
+
+  now = time(NULL);
+
+  if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0)
+    base = statbuf.st_mtime;
   
   if (stat(daemon->timestamp_file, &statbuf) != -1)
     {
       timestamp_time = statbuf.st_mtime;
     check_and_exit:
-      if (difftime(timestamp_time, time(0)) <=  0)
+      if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0)
 	{
 	  /* time already OK, update timestamp, and do key checking from the start. */
 	  if (utime(daemon->timestamp_file, NULL) == -1)
@@ -493,7 +500,7 @@ int setup_timestamp(void)
 
 	  close(fd);
 	  
-	  timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
+	  timestamp_time = timbuf.actime = timbuf.modtime = base;
 	  if (utime(daemon->timestamp_file, &timbuf) == 0)
 	    goto check_and_exit;
 	}